cannot edit profile

[leverkusen]

edit.profile.php

    <?php
    session_start();
    include('core/init.inc.php');

    if(isset($_POST['username'])){
    $errors = array();
    }
    if(isset($_POST['grad'])){
    $errors = array();
    }
    if(isset($_POST['drzava'])){
    $errors = array();
    }
    if(isset($_POST['fan'])){
    $errors = array();
    }
    if(isset($_POST['website'])){
    $errors = array();
    }
           
                if (empty($errors)){
        $grad = htmlentities($_POST['grad']);
        $drzava = htmlentities($_POST['drzava']);
        $fan = htmlentities($_POST['fan']);
        $website = htmlentities($_POST['website']);
         
         mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'");
         
         
                $user_info = array();
                          $user_info['grad'] = "$grad";
                          $user_info['drzava'] = "$drzava";
                          $user_info['fan'] = "$fan";
                          $user_info['website'] = "$website";
     
     
        }else{
             $user_info = fetch_user_info($_SESSION['uid']);
        }
         
        ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <title>Global Betting</title>
    </head>
    <body>
    <div>
        <?php
           
            if (isset($errors) ==false){
                echo 'Click update to edit your profile.';
            }else if (empty($errors)){
                    echo 'Your profile has been updated!';
                    }else{
                        echo '<ul><li>'. implode('</li><li>'. $errors). '</li></ul>';
            }
           
            ?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']) && !empty($_SESSION['uid']))
{
	 ?>
            </div>
            <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method ="POST">
                
                        <div>
                        <label for="username">Username</label>
                            <input type="text" name="username" id="username" value="<?php echo $user_info ['username']; ?>" />
                            </div><div>
                        <label for="grad">Grad</label>
                            <input type="text" name="grad" id="grad" value="<?php echo $user_info['grad']; ?>" />
                            </div>
                            <div>
                        <label for="drzava">Drzava</label>
                            <input type="text" name="drzava" id="drzava" value="<?php echo $user_info ['drzava']; ?>" />
                            </div>
                            <div>
                        <label for="fan">Fan</label>
                            <input type="text" name="fan" id="fan" value="<?php echo $user_info ['fan']; ?>" />
                            </div>
                            <div>
                        <label for="website">Website</label>
                            <input type="text" name="website" id="website" value="<?php echo $user_info ['website']; ?>" />
                            </div>
                            <div>
                                 <input type="submit" value="Update" />
                                     </div>
                                     </form>
                                     </body>
                                     </html>
<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
	 $username = mysql_real_escape_string($_POST['username']);
         $password = md5(mysql_real_escape_string($_POST['password']));
    
	 $checklogin = mysql_query("SELECT * FROM users WHERE username = '".$username."' AND password = '".$password."'");
    
    if(mysql_num_rows($checklogin) == 1)
    {
    	 $row = mysql_fetch_array($checklogin);
        
        $_SESSION['Username'] = $username;
        $_SESSION['LoggedIn'] = 1;
        $_SESSION['uid'] = $row['uid'];

        
    	 echo "<h1><center>Success</center></h1>";
        echo "<p><center>We are now redirecting you to the member area.</center></p>";
        echo "<meta http-equiv='refresh' content='=2;user.php' />";
    }
    else
    {
    	 echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"user.php\">click here to try again</a>.</p>";
    }
}
else
{
	?>
<?php
}
?>

login.php

<?php
}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
	 $username = mysql_real_escape_string($_POST['username']);
    $password = md5(mysql_real_escape_string($_POST['password']));
    
	 $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
    
    if(mysql_num_rows($checklogin) == 1)
    {
    	 $row = mysql_fetch_array($checklogin);
        
        $_SESSION['Username'] = $username;
        $_SESSION['LoggedIn'] = 1;
        $_SESSION['uid'] = $row['uid'];

        
        echo "<h1><center>Success</center></h1>";
        echo "<p><center>We are now redirecting you to the member area.</center></p>";
        echo "<meta http-equiv='refresh' content='=2;user.php' />";
    }
    else
    {
    	 echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"user.php\">click here to try again</a>.</p>";
    }
}
else
{
	?>
<?php
}
?>

init.inc.php

<?php

session_start();

$dbhost = ""; // this will ususally be 'localhost', but can sometimes differ
$dbname = ""; // the name of the database that you are going to use for this project
$dbuser = ""; // the username that you created, or were given, to access your database
$dbpass = ""; // the password that you created, or were given, to access your database

mysql_connect($dbhost, $dbuser, $dbpass) or die("MySQL Error: " . mysql_error());
mysql_select_db($dbname) or die("MySQL Error: " . mysql_error());


$path = dirname (__FILE__);

include "$path/inc/user.inc.php";

?>

user.inc.php

<?php
session_start();
     
                           
    function fetch_users (){
        $result = mysql_query('SELECT `uid` AS `id`, `username` AS `username` FROM `users`');
     
     
        $users = array();
     
            while (($row = mysql_fetch_assoc($result)) != false){
                $users[] = $row;
            }
     
        return $users;     
    }
     
     function fetch_user_info($uid){
        $uid = (int)$uid;
    
           
            $sql = "SELECT
                          `username` AS `username`,
                                      `grad` AS `grad`,
                                      `drzava` AS `drzava`,
                                      `fan` AS `fan`,
                                      `Website` AS `Website`
                                      FROM users
                                      WHERE `uid` = '$uid'";
                                     
            $result = mysql_query($sql);
     
        return mysql_fetch_assoc($result); 
    
     }
    function set_profile_info($username, $grad, $drzava, $fan, $website){
             $username = mysql_real_escape_string(htmlentities($username));
             $grad       =  mysql_real_escape_string(htmlentities($grad));
             $drzava       =  mysql_real_escape_string(htmlentities($drzava));
             $fan       =  mysql_real_escape_string(htmlentities($fan));
             $website       =  mysql_real_escape_string(htmlentities($website));
             $uid = $_SESSION['uid'];
             
        mysql_query("UPDATE `users` SET `username` = `$username`, `grad` = `$grad`, `drzava` = `$drzava`,`fan` = `$fan`, `website` = `$website` WHERE `uid`=`$uid`");             
    }
     
     
    ?>

[ExtremeGaming]

Change:

if (empty($errors)){
        $grad = htmlentities($_POST['grad']);
        $drzava = htmlentities($_POST['drzava']);
        $fan = htmlentities($_POST['fan']);
        $website = htmlentities($_POST['website']);
         
         mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'");

In edit_profile.php to:

if (empty($errors)){
        $grad = mysql_real_escape_string(htmlentities($_POST['grad']));
        $drzava = mysql_real_escape_string(htmlentities($_POST['drzava']));
        $fan = mysql_real_escape_string(htmlentities($_POST['fan']));
        $website = mysql_real_escape_string(htmlentities($_POST['website']));
         
         mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'") or die(mysql_error());

[leverkusen]

i dont get any mysql error very strange
hope you can take this scripts and edit them in your computer, then you will know when they will work

[ExtremeGaming]

Insert this somewhere in edit_profile.php where you will be able to see it being displayed:

echo "<h1>The current SESSION UID is: ".$_SESSION['uid']."</h1>";

What does it display?

Also why is edit_profile.php containing what should be on login.php? Post login.php correctly as it won't start with an } else if...

[leverkusen]

haha just what i though, its a session problem
The current SESSION UID is:

[leverkusen]

btw i added in edit.profile.php a part from login because of users to not see the page if they are logged in(edit.profile.php)

[ExtremeGaming]

Ok first step to debugging it is...do you actually have a column in your users database called uid?

[leverkusen]

yes i have a column called uid auto increment primary
and how does login fails if i do not see the page when im logged out

[ExtremeGaming]

What is user.php?

Are you using session_unset(); or session_destroy(); in any places other than logout?

[leverkusen]

you mean profile.php?

<?php

include('core/init.inc.php');

$user_info = fetch_user_info($_GET['uid']);

?>
<?php

if ($user_info === false){
    echo 'That user does not exist.';
}else{

?>
<?php
}
?>
<!-- sidebar -->
<div id="sidebar">

<div class="block">
<div class="block-bot">
<div class="head"><div class="head-cnt"><h3><?php echo $user_info['username']; ?> profile</h3></div></div><font size="3"><b><table cellspacing="5"><tr></tr><tr><td> <a>Titles:</a><font color="orange"><?php echo $user_info['titles']; ?></font></td></tr><tr><td> <a>Name:</a><font color="orange"><?php echo $user_info['username']; ?></font></td></tr><tr><td> <a>Country:</a><font color="orange"><?php echo $user_info['drzava']; ?></font></td></tr><tr><td> <a>City:</a><font color="orange"><?php echo $user_info['grad']; ?></font></td></tr><tr><td> <a>Fan of:</a><font color="orange"><font color="orange"><?php echo $user_info['fan']; ?></font></font></td></tr><tr><td> <a>Website:</a><a target="_blank" href="<?php echo $user_info['website']; ?>"><font color="lime">link</font></td></tr><tr><td> <a href="index.php"><font color="lime"> <<< </font></a></td></tr><tr></tr></table></b></font></div>
</div>

Are you using session_unset(); or session_destroy(); in any places other than logout?: No

[ExtremeGaming]

Your login page says you are redirecting users to a user.php.

[leverkusen]

actually redirects to login.php again but on the content which cannot be seen without loggin in

[ExtremeGaming]

Put this at the top of login.php within your php tags and remove the redirect for now so it remains on the same page.

error_reporting(E_ALL);
ini_set('display_errors', '1');

[leverkusen]

still not editing the profile

[ExtremeGaming]

If you put that on login.php, removed the redirect on login.php, and received no errors warnings or notices, I really have no idea

[leverkusen]

really no erors, nothing, except we know that the session is empty somehow
i have 1 idea and now will try it, on other hosting, maybe is a hosting problem i had few problems with this hosting so i hope that is

[jacek]

Going off the last posted code I spotted a few problems.

This block

    session_start();
    include('core/init.inc.php');
 
    if(isset($_POST['username'])){
    $errors = array();
    }
    if(isset($_POST['grad'])){
    $errors = array();
    }
    if(isset($_POST['drzava'])){
    $errors = array();
    }
    if(isset($_POST['fan'])){
    $errors = array();
    }
    if(isset($_POST['website'])){
    $errors = array();
    }

makes no sense. You are probably meant to be validating the various inputs here in which case it would look more like

include('core/init.inc.php');

$errors = array();

if (!isset($_POST['username'])){
	$errors[] = 'You must enter your username';
}

You also do not need the session_start() since that is done in the init.inc.php file.

In the same file you are not using the set_profile_info() function like you should be, instead you use the raw SQL which just gets confusing and should be avoided.

The final problem is with the login system which seems to be from another tutorial, it's really not a good idea at all to combine two tutorials in the hope of making a working system. I have a full series on a much more organised login system which leads on to the profile system so it might be a good idea to start from there.

[leverkusen]

when i change

session_start();
    include('core/init.inc.php');
 
    if(isset($_POST['username'])){
    $errors = array();
    }
    if(isset($_POST['grad'])){
    $errors = array();
    }
    if(isset($_POST['drzava'])){
    $errors = array();
    }
    if(isset($_POST['fan'])){
    $errors = array();
    }
    if(isset($_POST['website'])){
    $errors = array();
    }

to

    include('core/init.inc.php');
     
    $errors = array();
     
    if (!isset($_POST['username'])){
            $errors[] = 'You must enter your username';
    }
     

i get error Warning: implode() [function.implode]: Argument must be an array in /home/a8772784/public_html/edit_profile.php on line 46

echo '<ul><li>'. implode('</li><li>'. $errors). '</li></ul>';

this is line 46
Now when i login i get echo of a user in html about his country and city, thats good, but still cant edit those information probably because of this error.
And some strange bolded black dot is appearing

[ExtremeGaming]

Well, for starters, php functions use a comma to seperate arguments, not a period. So change

echo '<ul><li>'. implode('</li><li>'. $errors). '</li></ul>';

To

echo '<ul><li>'. implode('</li><li>', $errors). '</li></ul>';

The change you made could not possibly result in that error, so what else did you change?

[leverkusen]

No i havent changed anything error in line 46 is gone
when i log in with usernames i get different informations whats good, but above html box i have 'You must enter your username'
When i want to edit anything in profile i get echo 'Your profile has been updated'! but when i refresh there are still old informations but no 'You must enter your username'
edit-profile.php

    <?php
    include('core/init.inc.php');
 
    $errors = array();
 
    if (!isset($_POST["username"])){
              $errors[] = 'You must enter your username';
    }        
    if (empty($errors)){
            $grad = mysql_real_escape_string(htmlentities($_POST['grad']));
            $drzava = mysql_real_escape_string(htmlentities($_POST['drzava']));
            $fan = mysql_real_escape_string(htmlentities($_POST['fan']));
            $website = mysql_real_escape_string(htmlentities($_POST['website']));
             
mysql_query("UPDATE `users` SET `grad` = '{$grad}', `drzava` = '{$drzava}',`fan` = '{$fan}', `website` = '{$website}' WHERE `uid`='{$uid}'") or die(mysql_error());

         
                $user_info = array();
                          $user_info['grad'] = "$grad";
                          $user_info['drzava'] = "$drzava";
                          $user_info['fan'] = "$fan";
                          $user_info['website'] = "$website";
     
     
        }else{
             $user_info = fetch_user_info($_SESSION['uid']);
        }
         
        ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-type" content="text/html; charset=utf-8" />
    <title>Global Betting</title>
    </head>
    <body>
    <div>
        <?php
           
            if (isset($errors) ==false){
                echo 'Click update to edit your profile.';
            }else if (empty($errors)){
                    echo 'Your profile has been updated!';
                    }else{
                         echo '<ul><li>'. implode('</li><li>', $errors). '</li></ul>';

            }
           
            ?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']) && !empty($_SESSION['uid']))
{
	 ?>
            </div>
            <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method ="POST">
                
                        <div>
                        <label for="username">Username</label>
                            <input type="text" name="username" id="username" value="<?php echo $user_info['username']; ?>" />
                            </div><div>
                        <label for="grad">Grad</label>
                            <input type="text" name="grad" id="grad" value="<?php echo $user_info['grad']; ?>" />
                            </div>
                            <div>
                        <label for="drzava">Drzava</label>
                            <input type="text" name="drzava" id="drzava" value="<?php echo $user_info['drzava']; ?>" />
                            </div>
                            <div>
                        <label for="fan">Fan</label>
                            <input type="text" name="fan" id="fan" value="<?php echo $user_info['fan']; ?>" />
                            </div>
                            <div>
                        <label for="website">Website</label>
                            <input type="text" name="website" id="website" value="<?php echo $user_info['website']; ?>" />
                            </div>
                            <div>
                                 <input type="submit" value="Update" />
                                     </div>
                                     </form>
                                     </body>
                                     </html>
<?php
}
?>

login(user).php

<?php include "base.php"; ?>
<?php
if(!empty($_SESSION['LoggedIn']) && !empty($_SESSION['Username']))
{
	 ?>
<?php

}
elseif(!empty($_POST['username']) && !empty($_POST['password']))
{
	 $username = mysql_real_escape_string($_POST['username']);
         $password = md5(mysql_real_escape_string($_POST['password']));
    
	 $checklogin = mysql_query("SELECT * FROM users WHERE Username = '".$username."' AND Password = '".$password."'");
    
    if(mysql_num_rows($checklogin) == 1)
    {
    	 $row = mysql_fetch_array($checklogin);
        
        $_SESSION['Username'] = $username;
        $_SESSION['LoggedIn'] = 1;
        $_SESSION['uid'] = $row['uid'];

        
        echo "<h1><center>Success</center></h1>";
        echo "<p><center>We are now redirecting you to the member area.</center></p>";
        echo "<meta http-equiv='refresh' content='=2;user.php' />";
    }
    else
    {
    	 echo "<h1>Error</h1>";
        echo "<p>Sorry, your account could not be found. Please <a href=\"user.php\">click here to try again</a>.</p>";
    }
}
else
{
	?>
<br>
<center>
<form method="post" action="/user.php">
<table align="center" cellpadding="2" cellspacing="5">
	<tbody><tr><td style="width: 100px;"><div align="left"><b>Username:</b></div></td><td><div align="left"><input required="required" name="username" class="login" size="32" type="text"></div></td></tr>
	<tr><td style="width: 100px;"><div align="left"><b>Password:</b></div></td><td><div align="left"><input required="required" name="password" class="login" size="32" type="password"></div></td></tr>
	<tr><td colspan="2"><div align="right"><input class="dugme_login" value="login" type="submit"></div></td></tr>
</tbody></table>
</form>
</center>
<br>
<?php
}
?>

[jacek]

You blindly copied

if (!isset($_POST["username"])){

you were meant to substitute your variable name

the stuff I said about the login system still applied too.